pitch-deck-creator

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to generate a Python script containing user-provided data and execute it within the environment to create a .pptx file. This runtime script generation and execution is a form of dynamic execution.
  • [EXTERNAL_DOWNLOADS]: The skill requires the python-pptx library from the Python Package Index (PyPI) to function. While this is a standard industry library, it involves the installation of third-party code.
  • [PROMPT_INJECTION]: The workflow ingests untrusted user data (such as project names, pain points, and team descriptions) and interpolates it directly into the Python script's logic. This creates an attack surface where a malicious user could provide input designed to escape string boundaries and execute arbitrary Python commands during the file generation process.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 18, 2026, 01:11 AM